rfc3383.txt

RFC 的详细文档！

Network Working Group                                        K. Zeilenga
Request for Comments: 3383                           OpenLDAP Foundation
BCP: 64                                                   September 2002
Category: Best Current Practice


       Internet Assigned Numbers Authority (IANA) Considerations
          for the Lightweight Directory Access Protocol (LDAP)

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document provides procedures for registering extensible elements
   of the Lightweight Directory Access Protocol (LDAP).  This document
   also provides guidelines to the Internet Assigned Numbers Authority
   (IANA) describing conditions under which new values can be assigned.

1. Introduction

   The Lightweight Directory Access Protocol (LDAP) [RFC3377] is an
   extensible protocol.  LDAP supports:

   - addition of new operations,
   - extension of existing operations, and
   - extensible schema.

   This document details procedures for registering values of used to
   unambiguously identify extensible elements of the protocol including:

   - LDAP message types;
   - LDAP extended operations and controls;
   - LDAP result codes;
   - LDAP authentication methods;
   - LDAP attribute description options; and
   - Object Identifier descriptors.

   These registries are maintained by the Internet Assigned Numbers
   Authority (IANA).




Zeilenga                 Best Current Practice                  [Page 1]

RFC 3383              IANA Considerations for LDAP        September 2002


   In addition, this document provides guidelines to IANA describing the
   conditions under which new values can be assigned.

2. Terminology and Conventions

   This section details terms and conventions used in this document.

2.1. Policy Terminology

   The terms "IESG Approval", "Standards Action", "IETF Consensus",
   "Specification Required", "First Come First Served", "Expert Review",
   and "Private Use" are used as defined in BCP 26 [RFC2434].

2.2. Requirement Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].  In
   this case, "the specification" as used by BCP 14 refers to the
   processing of protocols being submitted to the IETF standards
   process.

2.3. Common ABNF Productions

   A number of syntaxes in this document are described using ABNF
   [RFC2234].  These syntaxes rely on the following common productions:

      ALPHA = %x41-5A / %x61-7A    ; A-Z / a-z

      LDIGIT = %x31-39             ; 1-9

      DIGIT = %x30 / LDIGIT        ; 0-9

      HYPHEN = %x2D                ; "-"

      DOT = %x2E                   ; "."

      number = DIGIT / ( LDIGIT 1*DIGIT )

      keychar = ALPHA / DIGIT / HYPHEN

      leadkeychar = ALPHA

      keystring = leadkeychar *keychar

   A keyword is a case-insensitive string of UTF-8 [RFC2279] encoded
   characters from the Universal Character Set (UCS) [ISO10646]
   restricted to the <keystring> production.



Zeilenga                 Best Current Practice                  [Page 2]

RFC 3383              IANA Considerations for LDAP        September 2002


3. IANA Considerations for LDAP

   This section details each kind of protocol value which can be
   registered and provides IANA guidelines on how to assign new values.

   IANA may reject obviously bogus registration requests.

3.1. Object Identifiers

   Numerous LDAP schema and protocol elements are identified by Object
   Identifiers.  Specifications which assign OIDs to elements SHOULD
   state who delegated the OIDs for its use.

   For IETF developed elements, specifications SHOULD use OIDs under
   "Internet Directory Numbers" (1.3.6.1.1.x).  Numbers under this OID
   arc will be assigned upon Expert Review with Specification Required.
   Only one OID per specification will be assigned.  The specification
   MAY then assign any number of OIDs within this arc without further
   coordination with IANA.

   For elements developed by others, any properly delegated OID can
   be used, including those under "Internet Private Enterprise
   Numbers" (1.3.6.1.4.1.x) assigned by IANA
   <http://www.iana.org/cgi-bin/enterprise.pl>.

   To avoid interoperability problems between early implementations of
   "works in progress" and implementations of the published
   specification (e.g., the RFC), experimental OIDs SHOULD be used in
   "works in progress" and early implementations.  OIDs under the
   Internet Experimental OID arc (1.3.6.1.3.x) may be used for this
   purpose.

   Experimental OIDs are not to used in published specifications (e.g.,
   RFCs).

   Practices for IANA assignment of Internet Enterprise and Experimental
   OIDs are detailed in STD 16 [RFC1155].

3.2 Protocol Mechanisms

   LDAP provides a number of Root DSE attributes for discovery of
   protocol mechanisms identified by OIDs, including:

   - supportedControl [RFC2252] and
   - supportedExtension [RFC2252].






Zeilenga                 Best Current Practice                  [Page 3]

RFC 3383              IANA Considerations for LDAP        September 2002


   A registry of OIDs used for discover of protocol mechanisms is
   provided to allow implementors and others to locate the technical
   specification for these protocol mechanisms.  Future specifications
   of additional Root DSE attributes holding values identifying protocol
   mechanisms MAY extend this registry for their values.

   OIDs associated with discoverable protocol mechanisms SHOULD be
   registered.  These are be considered on a First Come First Served
   with Specification Required basis.

   OIDs associated with Standard Track mechanisms MUST be registered and
   require Standards Action.

3.3. Object Identifier Descriptors

   LDAP allows short descriptive names (or descriptors) to be used
   instead of a numeric Object Identifier to identify protocol
   extensions [RFC2251], schema elements [RFC2252], LDAP URL [RFC2255]
   extensions, and other objects.  Descriptors are restricted to strings
   of UTF-8 encoded UCS characters restricted by the following ABNF:

      name = keystring

   Descriptors are case-insensitive.

   Multiple names may be assigned to a given OID.  For purposes of
   registration, an OID is to be represented in numeric OID form
   conforming to the ABNF:

      numericoid = number *( DOT number ) ; e.g., 1.1.0.23.40

   While the protocol places no maximum length restriction upon
   descriptors, they should be short.  Descriptors longer than 48
   characters may be viewed as too long to register.

   A values ending with a hyphen ("-") reserve all descriptors which
   start with the value.  For example, the registration of the option
   "descrFamily-" reserves all options which start with "descrFamily-"
   for some related purpose.

   Descriptors beginning with "x-" are for Private Use and cannot be
   registered.

   Descriptors beginning with "e-" are reserved for experiments and will
   be registered on a First Come First Served basis.

   All other descriptors require Expert Review to be registered.




Zeilenga                 Best Current Practice                  [Page 4]

RFC 3383              IANA Considerations for LDAP        September 2002


   The registrant need not "own" the OID being named.

   The OID namespace is managed by The ISO/IEC Joint Technical Committee
   1 - Subcommittee 6.

3.4. AttributeDescription Options

   An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or
   more options specifying additional semantics.  An option SHALL be
   restricted to a string UTF-8 encoded UCS characters limited by the
   following ABNF:

      option = keystring

   Options are case-insensitive.

   While the protocol places no maximum length restriction upon option
   strings, they should be short.  Options longer than 24 characters may
   be viewed as too long to register.

   Values ending with a hyphen ("-") reserve all option names which
   start with the name.  For example, the registration of the option
   "optionFamily-" reserves all options which start with "optionFamily-"
   for some related purpose.

   Options beginning with "x-" are for Private Use and cannot be
   registered.

   Options beginning with "e-" are reserved for experiments and will be
   registered on a First Come First Served basis.

   All other options require Standards Action or Expert Review with
   Specification Required to be registered.

3.5. LDAP Message Types

   Each protocol message is encapsulated in an LDAPMessage envelope
   [RFC2251, Section 4.1.1].  The protocolOp CHOICE indicates the type
   of message encapsulated.  Each message type consists of a keyword and
   a non-negative choice number is combined with the class (APPLICATION)
   and data type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in
   the message's encoding.  The choice numbers for existing protocol
   messages are implicit in the protocol's ASN.1 defined in [RFC2251].

   New values will be registered upon Standards Action.

   Note:  LDAP provides extensible messages which reduces, but does not
          eliminate, the need to add new message types.



Zeilenga                 Best Current Practice                  [Page 5]

RFC 3383              IANA Considerations for LDAP        September 2002


3.6. LDAP Result Codes

   LDAP result messages carry an resultCode enumerated value to indicate
   the outcome of the operation [RFC2251, Section 4.1.10].  Each result
   code consists of a keyword and a non-negative integer.

   New resultCodes integers in the range 0-1023 require Standards Action
   to be registered.  New resultCode integers in the range 1024-4095
   require Expert Review with Specification Required.  New resultCode
   integers in the range 4096-16383 will be registered on a First Come
   First Served basis.  Keywords associated with integers in the range
   0-4095 SHALL NOT start with "e-" or "x-".  Keywords associated with
   integers in the range 4096-16383 SHALL start with "e-".  Values
   greater than or equal to 16384 and keywords starting with "x-" are
   for Private Use and cannot be registered.

3.7. LDAP Authentication Method

   The LDAP Bind operation supports multiple authentication methods
   [RFC2251, Section 4.2].  Each authentication choice consists of a
   keyword and a non-negative integer.

   The registrant SHALL classify the authentication method usage using
   one of the following terms:

      COMMON      - method is appropriate for common use on the
                    Internet,
      LIMITED USE - method is appropriate for limited use,
      OBSOLETE    - method has been deprecated or otherwise found to be
                    inappropriate for any use.

   Methods without publicly available specifications SHALL NOT be
   classified as COMMON.  New registrations of class OBSOLETE cannot be
   registered.

   New authentication method integers in the range 0-1023 require
   Standards Action to be registered.  New authentication method